Deployment and configuration of Azure Exchange

2025-01-17 Update From: SLTechnology News&Howtos

Shulou (Shulou.com) 06/01

Today the editor brings you an article about the deployment and configuration of Azure Exchange. The editor finds it very practical and shares it here as a reference. Let's have a look.

Exchange hybrid deployment

The Exchange hybrid deployment feature allows Exchange mailboxes to coexist on-premises and in Azure by synchronizing a specific set of attributes from Azure AD back to your own Active Directory.

Password writeback

If a password is changed in Azure AD, it is written back to your own Active Directory.

User writeback

If you create a user in Azure AD, it is written back to your own Active Directory.

Azure AD application and attribute filtering

Group writeback

Device synchronization

Directory extension attribute synchronization

Select the following two options, as shown below, and we can configure the writeback location in the local Active Directory.

Additional option

Next, configure a new AD FS farm on Windows Server 2012 R2. Specify the SSL certificate used to protect communication between clients and AD FS. The certificate must be supplied as a .pfx file.

Because AD FS uses SSL, we need an SSL certificate. There are three options to consider, but only one will work:

Self-signed certificate

Certificate issued by internal PKI

Certificate from third-party public CA

Office 365 needs to see a valid service communication certificate on the AD FS infrastructure, so you will have to buy a certificate from a public CA. Office 365 will not trust a service communication certificate that is self-signed or issued by an internal CA. For the token-decrypting and token-signing certificates, we can use self-signed certificates. These are separate from the service communication certificate.

Follow the documentation of your chosen CA to request, install, and complete the certificate. The required steps vary from vendor to vendor and change over time. Make sure you have not missed any updated intermediate certificates!
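A pre-flight check for the .pfx before it is handed to the wizard, as an added example that is not part of the original article; the function name, file path and federation service name are assumptions. It reports whether the certificate carries a private key, is self-signed, passes SSL validation for the federation service name, and whether the intermediates in its chain are bundled in the file.

```powershell
# Added example: pre-flight check of the AD FS service communication certificate.
# Test-AdfsSslPfx and its parameter names are illustrative, not part of any product.
function Test-AdfsSslPfx {
    param(
        [Parameter(Mandatory)] [string] $PfxPath,
        [Parameter(Mandatory)] [string] $FederationServiceName,
        [Parameter(Mandatory)] [securestring] $Password
    )
    $x509 = 'System.Security.Cryptography.X509Certificates'

    # Load the leaf certificate (with its private key) from the .pfx file.
    $cert = New-Object "$x509.X509Certificate2" -ArgumentList $PfxPath, $Password

    # Build the chain against this machine's trust store to find the issuing CAs.
    $chain = New-Object "$x509.X509Chain"
    $chainOk = $chain.Build($cert)
    $elements = @($chain.ChainElements | ForEach-Object { $_.Certificate })

    # Intermediates are everything between the leaf and the top of the chain.
    $intermediates = @()
    if ($elements.Count -gt 2) { $intermediates = @($elements[1..($elements.Count - 2)]) }

    # Certificates bundled in the .pfx besides the leaf itself.
    $bundled = @((Get-PfxData -FilePath $PfxPath -Password $Password).OtherCertificates |
        ForEach-Object { $_.Thumbprint })
    $missing = @($intermediates | Where-Object { $bundled -notcontains $_.Thumbprint } |
        ForEach-Object { $_.Subject })

    # SSL policy check: trusted chain, validity period and host name match.
    $sslOk = Test-Certificate -Cert $cert -Policy SSL -DNSName $FederationServiceName `
        -ErrorAction SilentlyContinue -WarningAction SilentlyContinue

    [pscustomobject]@{
        Subject              = $cert.Subject
        NotAfter             = $cert.NotAfter
        HasPrivateKey        = $cert.HasPrivateKey
        SelfSigned           = ($cert.Subject -eq $cert.Issuer)
        ChainBuilds          = $chainOk
        ChainErrors          = @($chain.ChainStatus | ForEach-Object { $_.Status })
        SslPolicyOk          = [bool]$sslOk
        MissingIntermediates = $missing
        TopOfChain           = $elements[-1].Subject   # confirm this is a public CA
    }
}

# Usage with placeholder values (assumptions, replace with your own):
# Test-AdfsSslPfx -PfxPath 'C:\certs\adfs.pfx' -FederationServiceName 'sts.example.com' `
#     -Password (Read-Host -AsSecureString 'PFX password')
```

A domain-joined server also trusts internal CA roots, so a passing result does not prove public trust: compare `TopOfChain` with the public CA you purchased from.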

We will deploy the initial ADFS server and add another ADFS server to achieve redundancy in the future.

Add a federation server on Windows Server 2012 R2 and specify where the AD FS service will be installed.

Add a proxy server on Windows Server 2012 R2 and specify where the Web Application Proxy server will be installed.

Next, specify the proxy trust credentials. The Web Application Proxy requires credentials to request a certificate from the federation server.

You can use a group Managed Service Account (gMSA) as the AD FS service account. A gMSA updates the service account's credentials automatically, so the administrator does not need to manage its password.

In this case, the standard service account will be used.

Select the Azure AD domain to federate with the local directory. This converts an enterprise domain to a federated domain.

The last step of this really good wizard is to install and configure the synchronization service and the AD FS and WAP servers.

Complete the configuration

Now make sure that you have created DNS records so that clients can resolve your federation service both internally and externally.

That is all for the deployment and configuration of Azure Exchange. The approach analyzed in this article is not the only way to solve the problem, but the accuracy of the method analyzed here is indisputable. If you like this article, you might as well share it for more people to see.
